[ic] userdb and mv_username question
Mike Heins
mike at perusion.com
Wed Mar 25 19:08:08 UTC 2009
Quoting Davor Ocelic (docelic at spinlocksolutions.com):
> On Wed, 25 Mar 2009 16:31:03 +0000
> Rick Bragg <lists at gmnet.net> wrote:
>
> > Hello,
> >
> > I am using the affiliate database and I set up a login page that works
> > fine. I am using the email login, so the "affiliate" column has
> > "U0001" and the email column is unique. Again, all that works
> > perfect. I can log in, create accounts, etc and everything is
> > perfect.
> >
> > However, when I use the following code, I get logged in fine, but
> > there is nothing in [value mv_username]!
>
> Hey,
>
> As I understand it, mv_username is primarily a CGI variable which
> you pass from a form to Interchange when you want to log in (and
> when you use the default Interchange's UserDB functions which
> expect the username in mv_username).
>
> After the user is logged in, [data session username] or
> $Session->{username} is what you should be using, not
> value mv_username.
Absolutely correct. And when you realize that [value ...] is settable by
the user, that makes sense. You don't want someone appending
"&mv_username=admin" on their URL and changing the catalogs behavior.
Appending &fname=Fooboy is OK, because you set that stuff in the
forms the user controls anyway.
--
Mike Heins
Perusion -- Expert Interchange Consulting http://www.perusion.com/
phone +1.765.328.4479 <mike at perusion.com>
The sun, with all those planets revolving around it and dependent on it,
can still ripen a bunch of grapes as if it had nothing else in the
universe to do. -- Galileo
More information about the interchange-users
mailing list